文章转载于:http://5ydycm.blog.51cto.com/115934/389631
此工具具有如下功能:
(一)用户管理
1、修改root密码
2、删除用户帐号
3、添加用户帐号
(二)服务管理
1、开启服务
2、关闭服务
(三)防火墙/ssh认证管理
1、关闭默认防火墙,开启自定防火墙脚本(自定义脚本分为:公司环境下,以及互联网环境下)
2、修改ssh认证配置文件(采用publickey认证登录)
(四)自动设置
1、自动添加"互联网环境下"的防火墙
2、采用publickey认证登录
(五)重启功能
所有这些功能都是以函数块做的,大家可以根据自己的需求做出相应的调整以适应自己公司的需求.
开发os:centos5.2
脚本:shell
功能已经基本测试OK,不过还需要其他朋友帮忙挖Bug...
贴些图让大家更直观点:
AutoSetSystem.sh
- #!/bin/bash
- #########################################################################
- #
- # File: autosetsystem.sh
- # Description:
- # Language: GNU Bourne-Again SHell
- # Version: 1.1
- # Date: 2010-9-6
- # WWW: http://5ydycm.blog.51cto.com/
- ###############################################################################
# Public-key line that PublickeyAuthenticate writes to
# /root/.ssh/authorized_keys. 'zzjkey' is a placeholder, not a usable key.
zzj_key='zzjkey'

# Base rule set for /scripts/start_firewall.sh. It is expanded with `echo -e`,
# so every "\n" below becomes a line break in the generated script. The last
# rule sets the INPUT policy to DROP; the per-address SSH ACCEPT rules are
# appended after it by the Enable*Firewall functions.
general_iptable_content="/sbin/iptables -F\n"
general_iptable_content+="/sbin/depmod -a\n"
general_iptable_content+="/sbin/modprobe ip_tables\n"
general_iptable_content+="/sbin/modprobe ip_conntrack\n"
general_iptable_content+="/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n"
general_iptable_content+="/sbin/iptables -A INPUT -i lo -j ACCEPT\n"
general_iptable_content+="/sbin/iptables -P INPUT DROP"

# Space-separated source addresses allowed to reach tcp/22.
# public_ip feeds EnableOutFirewall, private_ip feeds EnableCompanyFirewall.
# Both ship as placeholders and must be replaced before the firewall is enabled.
public_ip="ip1 ip2 ip3"
private_ip="ip1 ip2 ip3 ip4"
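#######################################
# Draw the top-level menu, read one choice and dispatch it.
# Globals:   AA (written) - raw menu choice
#            time (written); USER, HOSTNAME (read)
# Calls:     ManageUser, ManageServices, ManageFirewall, AutoSet, Quit
# Notes:     choice 5 reboots the host after a y/n confirmation; any choice
#            other than 1-5 (including 6) goes to Quit.
#######################################
MainMenu() {
  local answer row label
  clear
  echo
  echo "-------------------------------------------------------------------------"
  tput cup 2
  time=$(date +"%Y-%m-%d")
  echo -ne "USER:$USER\tHOST:$HOSTNAME\tdate:$time"
  echo
  tput cup 3
  echo "-------------------------------------------------------------------------"
  row=4
  for label in "1:Manage User;" "2:Manage Services;" "3:Manage Firewall/SSH;" \
    "4:AutoSet;" "5:Reboot;" "6:Quit;"; do
    tput cup "$row" 20
    case "$label" in
      4:*)
        # AutoSet is the highlighted entry.
        tput bold
        echo -e "$label"
        tput sgr0
        ;;
      *)
        echo -e "$label"
        ;;
    esac
    row=$((row + 1))
  done
  tput cup 10
  echo "--------------------------------------------------------------------------"
  echo -n "You choice [1,2,3,4,5,6]:"
  read -r AA
  case "$AA" in
    1)
      ManageUser
      ;;
    2)
      ManageServices
      ;;
    3)
      ManageFirewall
      ;;
    4)
      AutoSet
      ;;
    5)
      echo -n "Are you sure reboot system[y|n]?"
      read -r answer
      # Quoted so that pressing Enter (empty answer) is treated as "no"
      # instead of making `[` fail with a syntax error.
      if [ "$answer" = "y" ]; then
        shutdown -r now
        exit 0
      else
        echo -n "You forego reboot system!"
        sleep 2
      fi
      ;;
    *)
      Quit
      ;;
  esac
}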
# Automatic setup: build the "out" (internet-facing) firewall, then switch SSH
# to public-key login. Each step still asks for its own y/n confirmation.
AutoSet() {
  EnableOutFirewall
  # Two line breaks between the steps, as `echo -e "\n"` produced.
  printf '\n\n'
  PublickeyAuthenticate
}
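#######################################
# Prompt for a login name, create the account and set its password.
# Inputs:    one line on stdin (the login name)
# Returns:   1 when the name is rejected; otherwise the status of the last
#            command run.
#######################################
AddUser() {
  local username
  echo -n "Please input add user name:"
  read -r username

  # The name is handed to useradd/passwd as root. Reject an empty name, one
  # that would be parsed as an option (leading "-"), and any character outside
  # a conservative login-name set.
  case "$username" in
    '' | -* | *[!A-Za-z0-9_.-]*)
      echo "Add user faild because user name is invalid!"
      sleep 2
      return 1
      ;;
  esac

  # Literal whole-field comparison: the name is not interpreted as a regex and
  # the matched entry is no longer echoed to the screen.
  if cut -d: -f1 /etc/passwd | grep -qxF -- "$username"; then
    echo "Add user faild because user exists!"
    sleep 2
  else
    useradd "$username" && passwd "$username" && sleep 2
  fi
}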
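#######################################
# Prompt for a login name and, after confirmation, delete that account.
# Inputs:    two lines on stdin (login name, then y/n)
# Notes:     userdel only runs for a name that appears verbatim as the first
#            field of an /etc/passwd entry.
#######################################
DeleteUser() {
  local username answer
  echo -n "Please input delete user name:"
  read -r username
  echo -n "Are you sure delete $username[y|n]?"
  read -r answer
  # Quoted comparison: an empty answer means "no" rather than a `[` error.
  if [ "$answer" != "y" ]; then
    echo -n "You forego delete $username account!"
    sleep 2
    return 0
  fi

  # Fixed-string, whole-line match so the typed name cannot act as a regex
  # (e.g. "roo." no longer matches "root").
  if [ -n "$username" ] && cut -d: -f1 /etc/passwd | grep -qxF -- "$username"; then
    # A userdel failure now shows only userdel's own error instead of the
    # misleading "account not exists" message.
    userdel "$username" && echo "user delete sucessfull!" && sleep 2
  else
    echo "Delete user faild because user account not exists!"
    sleep 2
  fi
}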
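#######################################
# Change the root password after a y/n confirmation.
# Inputs:    one line on stdin (y/n); passwd then prompts on its own.
#######################################
ModifyRootpwd() {
  local answer
  echo -n "Are you sure modify root password[y|n]?"
  read -r answer
  # Quoted so an empty answer is a plain "no" instead of a `[` syntax error.
  if [ "$answer" = "y" ]; then
    passwd root
    sleep 2
  else
    echo -n "You forego modify root password!"
    sleep 2
  fi
}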
# Page through /etc/passwd, then show a bold notice and hold the screen for
# eight seconds before the caller redraws its menu.
ViewUser() {
  more /etc/passwd

  tput bold
  echo "Wait 8 sec!"
  sleep 8
  tput sgr0   # back to normal text attributes
}
#######################################
# Draw the user-management menu, read one choice into BB and dispatch it.
# Globals:   BB (written), time (written); USER, HOSTNAME (read)
# Calls:     AddUser, DeleteUser, ModifyRootpwd, ViewUser
#######################################
ManageUserMenu() {
  local row=4 entry
  clear
  echo
  echo "-------------------------------------------------------------------------"
  tput cup 2
  time=$(date +"%Y-%m-%d")
  echo -ne "USER:$USER\tHOST:$HOSTNAME\tdate:$time"
  echo
  tput cup 3
  echo "-------------------------------------------------------------------------"
  # Entries occupy rows 4..8, all starting at column 20.
  for entry in "1:Add User;" "2:Delete User;" "3:Modify root password;" \
    "4:View User;" "5:Quit;"; do
    tput cup "$row" 20
    echo -e "$entry"
    row=$((row + 1))
  done
  tput cup 9
  echo "--------------------------------------------------------------------------"
  echo -n "You choice [1,2,3,4,5]:"
  read BB
  case $BB in
    1) AddUser ;;
    2) DeleteUser ;;
    3) ModifyRootpwd ;;
    4) ViewUser ;;
    *)
      echo "Quit"
      # Meant to end the caller's `while true` loop. bash 4.4 and later start
      # a function with a fresh loop state, so there this `break` no longer
      # reaches that loop.
      break
      ;;
  esac
}
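#######################################
# Prompt for a service name and, after confirmation, turn it on for
# runlevels 3, 4 and 5 with chkconfig.
# Inputs:    two lines on stdin (service name, then y/n)
#######################################
EnableServices() {
  local servicename answer
  echo -n "Please input enable service name:"
  read -r servicename
  echo -n "Are you sure enable $servicename[y|n]?"
  read -r answer
  # Quoted comparison: an empty answer means "no" rather than a `[` error.
  if [ "$answer" != "y" ]; then
    echo -n "You forego enable $servicename!"
    sleep 2
    return 0
  fi

  # An empty name is refused explicitly (it could otherwise match a blank line
  # of the listing); the rest is a literal whole-line match, so the typed text
  # is never used as a regex and only a name chkconfig itself listed is passed
  # on as an argument.
  if [ -n "$servicename" ] &&
    chkconfig --list | awk '{print $1}' | grep -qxF -- "$servicename"; then
    chkconfig --level 345 "$servicename" on &&
      echo "service enable sucessfull!" &&
      sleep 2
  else
    echo "service enable faild because service not exists!"
    sleep 2
  fi
}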
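#######################################
# Prompt for a service name and, after confirmation, turn it off for
# runlevels 3, 4 and 5 with chkconfig.
# Inputs:    two lines on stdin (service name, then y/n)
#######################################
DisableServices() {
  local servicename answer
  echo -n "Please input disable service name:"
  read -r servicename
  echo -n "Are you sure disable $servicename[y|n]?"
  read -r answer
  # Quoted comparison: an empty answer means "no" rather than a `[` error.
  if [ "$answer" != "y" ]; then
    echo -n "You forego disable $servicename!"
    sleep 2
    return 0
  fi

  # An empty name is refused explicitly (it could otherwise match a blank line
  # of the listing); the rest is a literal whole-line match, so the typed text
  # is never used as a regex and only a name chkconfig itself listed is passed
  # on as an argument.
  if [ -n "$servicename" ] &&
    chkconfig --list | awk '{print $1}' | grep -qxF -- "$servicename"; then
    chkconfig --level 345 "$servicename" off &&
      echo "service diable sucessfull!" &&
      sleep 2
  else
    echo "service disable faild because service not exists!"
    sleep 2
  fi
}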
# Print the chkconfig service table, then show a bold notice and hold the
# screen for eight seconds before the caller redraws its menu.
ViewServices() {
  chkconfig --list

  tput bold
  echo "Wait 8 sec!"
  sleep 8
  tput sgr0   # back to normal text attributes
}
#######################################
# Draw the service-management menu, read one choice into CC and dispatch it.
# Globals:   CC (written), time (written); USER, HOSTNAME (read)
# Calls:     EnableServices, DisableServices, ViewServices
#######################################
ManageServicesMenu() {
  local row=4 entry
  clear
  echo
  echo "-------------------------------------------------------------------------"
  tput cup 2
  time=$(date +"%Y-%m-%d")
  echo -ne "USER:$USER\tHOST:$HOSTNAME\tdate:$time"
  echo
  tput cup 3
  echo "-------------------------------------------------------------------------"
  # Entries occupy rows 4..7, all starting at column 20.
  for entry in "1:Enable Services;" "2:Disable Services;" "3:View Services;" \
    "4:Quit;"; do
    tput cup "$row" 20
    echo -e "$entry"
    row=$((row + 1))
  done
  tput cup 8
  echo "--------------------------------------------------------------------------"
  echo -n "You choice [1,2,3,4]:"
  read CC
  case $CC in
    1) EnableServices ;;
    2) DisableServices ;;
    3) ViewServices ;;
    *)
      echo "Quit"
      # Meant to end the caller's `while true` loop. bash 4.4 and later start
      # a function with a fresh loop state, so there this `break` no longer
      # reaches that loop.
      break
      ;;
  esac
}
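#######################################
# After confirmation, generate /scripts/start_firewall.sh for the company
# network, register it in /etc/rc.local and run it.
# Globals:   general_iptable_content (read) - base rules, "\n"-separated
#            private_ip (read) - space-separated sources allowed on tcp/22
# Returns:   1 when private_ip holds no address; 0 otherwise
# Notes:     the base rules flush INPUT and set its policy to DROP. private_ip
#            ships as placeholders; if an entry is not a usable source address
#            its ACCEPT rule fails and SSH is reachable from nowhere new.
#######################################
EnableCompanyFirewall() {
  local answer ip
  local fw_script=/scripts/start_firewall.sh
  echo -n "Are you sure enable firewall[y|n]?"
  read -r answer
  # Quoted comparison: an empty answer means "no" rather than a `[` error.
  if [ "$answer" != "y" ]; then
    echo -n "You forego enable firewall!"
    sleep 2
    return 0
  fi

  # Default-DROP with no allowed source would refuse every new SSH connection.
  if [ -z "${private_ip// /}" ]; then
    echo "Enable Firewall faild because private_ip is empty!" >&2
    sleep 2
    return 1
  fi

  mkdir -p /scripts
  {
    echo -e "$general_iptable_content"
    # Unquoted on purpose: private_ip is a space-separated list.
    for ip in $private_ip; do
      echo "/sbin/iptables -A INPUT -s $ip -p tcp --dport 22 -j ACCEPT"
    done
  } >"$fw_script"
  # Runs as root at every boot, so only root may read or modify it.
  chmod 700 "$fw_script"

  # Register once; repeated runs no longer stack duplicate rc.local entries.
  grep -qxF -- "sh $fw_script" /etc/rc.local 2>/dev/null ||
    echo "sh $fw_script" >>/etc/rc.local

  # The status seen here is that of the last rule in the script only.
  if sh "$fw_script"; then
    echo "Enable Firewall sucessful!"
  else
    echo "Enable Firewall faild, check $fw_script!" >&2
  fi
  sleep 3
}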
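#######################################
# After confirmation, generate /scripts/start_firewall.sh for an
# internet-facing host, register it in /etc/rc.local and run it.
# Globals:   general_iptable_content (read) - base rules, "\n"-separated
#            public_ip (read) - space-separated sources allowed on tcp/22
# Returns:   1 when public_ip holds no address; 0 otherwise
# Notes:     the base rules flush INPUT and set its policy to DROP. public_ip
#            ships as placeholders; if an entry is not a usable source address
#            its ACCEPT rule fails and SSH is reachable from nowhere new.
#######################################
EnableOutFirewall() {
  local answer ip
  local fw_script=/scripts/start_firewall.sh
  echo -n "Are you sure enable firewall[y|n]?"
  read -r answer
  # Quoted comparison: an empty answer means "no" rather than a `[` error.
  if [ "$answer" != "y" ]; then
    echo -n "You forego enable firewall!"
    sleep 2
    return 0
  fi

  # Default-DROP with no allowed source would refuse every new SSH connection.
  if [ -z "${public_ip// /}" ]; then
    echo "Enable Firewall faild because public_ip is empty!" >&2
    sleep 2
    return 1
  fi

  mkdir -p /scripts
  {
    echo -e "$general_iptable_content"
    # Unquoted on purpose: public_ip is a space-separated list.
    for ip in $public_ip; do
      echo "/sbin/iptables -A INPUT -s $ip -p tcp --dport 22 -j ACCEPT"
    done
  } >"$fw_script"
  # Runs as root at every boot, so only root may read or modify it.
  chmod 700 "$fw_script"

  # Register once; repeated runs no longer stack duplicate rc.local entries.
  grep -qxF -- "sh $fw_script" /etc/rc.local 2>/dev/null ||
    echo "sh $fw_script" >>/etc/rc.local

  # The status seen here is that of the last rule in the script only.
  if sh "$fw_script"; then
    echo "Enable Firewall sucessful!"
  else
    echo "Enable Firewall faild, check $fw_script!" >&2
  fi
  sleep 3
}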
#######################################
# Draw the firewall-environment menu, read one choice into EE and dispatch it.
# Globals:   EE (written), time (written); USER, HOSTNAME (read)
# Calls:     EnableCompanyFirewall, EnableOutFirewall
#######################################
FirewallEnvMenu() {
  local row=4 entry
  clear
  echo
  echo "-------------------------------------------------------------------------"
  tput cup 2
  time=$(date +"%Y-%m-%d")
  echo -ne "USER:$USER\tHOST:$HOSTNAME\tdate:$time"
  echo
  tput cup 3
  echo "-------------------------------------------------------------------------"
  # Entries occupy rows 4..6, all starting at column 20.
  for entry in "1:Enable Company Env Firewall;" "2:Enable Out Env Firewall;" \
    "3:Quit;"; do
    tput cup "$row" 20
    echo -e "$entry"
    row=$((row + 1))
  done
  tput cup 7
  echo "--------------------------------------------------------------------------"
  echo -n "You choice [1,2,3]:"
  read EE
  case $EE in
    1) EnableCompanyFirewall ;;
    2) EnableOutFirewall ;;
    *)
      echo "Quit"
      # Meant to end the caller's `while true` loop. bash 4.4 and later start
      # a function with a fresh loop state, so there this `break` no longer
      # reaches that loop.
      break
      ;;
  esac
}
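#######################################
# Show the firewall-environment menu repeatedly until a non-action choice
# (anything other than 1 or 2) is entered.
# Globals:   EE (read) - choice stored by FirewallEnvMenu
#######################################
CustomizeFirewall() {
  while true; do
    FirewallEnvMenu
    # The menu's own `break` only ends this loop on bash older than 4.4;
    # newer bash resets loop state inside functions, which made the submenu
    # impossible to leave. Decide here from the choice the menu stored.
    case "$EE" in
      1 | 2) ;;
      *) break ;;
    esac
  done
}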
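#######################################
# After confirmation, install zzj_key as root's only authorized key and
# rewrite sshd_config for public-key login with password login disabled,
# then signal sshd to reload.
# Globals:   zzj_key (read) - public-key line to authorise for root
# Returns:   1 when zzj_key is unset/placeholder, the backup or temp file
#            cannot be created, or the new config fails `sshd -t`
# Files:     /etc/ssh/sshd_config.bak holds the previous configuration
#######################################
PublickeyAuthenticate() {
  local answer new_cfg
  local cfg=/etc/ssh/sshd_config
  local backup=/etc/ssh/sshd_config.bak
  local keys=/root/.ssh/authorized_keys

  echo -n "Are you sure enable publickey auth[y|n]?"
  read -r answer
  # Quoted comparison: an empty answer means "no" rather than a `[` error.
  if [ "$answer" != "y" ]; then
    echo -n "You forego publickey auth!"
    sleep 2
    return 0
  fi

  # Password login is about to be switched off. With an empty key or the
  # shipped placeholder, root would be left with no way to log in over SSH.
  if [ -z "$zzj_key" ] || [ "$zzj_key" = "zzjkey" ]; then
    echo "zzj_key is not set to a real public key, nothing changed!" >&2
    sleep 2
    return 1
  fi

  # Backup stays in root-only /etc/ssh; a fixed name in world-writable /tmp
  # could be pre-created or symlinked by another local user.
  cp -p "$cfg" "$backup" || return 1
  new_cfg=$(mktemp /etc/ssh/sshd_config.XXXXXX) || return 1
  sed -e 's/^PasswordAuthentication yes$/PasswordAuthentication no/' \
    -e 's/^#PubkeyAuthentication yes$/PubkeyAuthentication yes/' \
    -e 's/^#AuthorizedKeysFile/AuthorizedKeysFile/' \
    "$cfg" >"$new_cfg"

  # The substitution only rewrites an explicit "PasswordAuthentication yes"
  # line; say so when the result does not actually turn passwords off.
  if ! grep -q '^PasswordAuthentication no' "$new_cfg"; then
    echo "Warning: PasswordAuthentication is not set to no in the new config!" >&2
  fi

  # Never replace the live config with one sshd itself rejects.
  if ! /usr/sbin/sshd -t -f "$new_cfg"; then
    echo "New sshd_config is invalid, keeping the current one!" >&2
    rm -f -- "$new_cfg"
    return 1
  fi

  mkdir -p /root/.ssh
  chmod 700 /root/.ssh
  # Overwrites the file: every key previously authorised for root is removed.
  printf '%s\n' "$zzj_key" >"$keys"
  chmod 600 "$keys"

  # Rename over the old file so there is no moment without a sshd_config.
  mv -f -- "$new_cfg" "$cfg"
  kill -HUP "$(cat /var/run/sshd.pid)"
  echo "Please use public key try login agains!"
  sleep 5
}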
#######################################
# Draw the firewall/SSH menu, read one choice into DD and dispatch it.
# Globals:   DD (written), time (written); USER, HOSTNAME (read)
# Calls:     CustomizeFirewall, PublickeyAuthenticate
#######################################
ManagerFirewallMenu() {
  local row=4 entry
  clear
  echo
  echo "-------------------------------------------------------------------------"
  tput cup 2
  time=$(date +"%Y-%m-%d")
  echo -ne "USER:$USER\tHOST:$HOSTNAME\tdate:$time"
  echo
  tput cup 3
  echo "-------------------------------------------------------------------------"
  # Entries occupy rows 4..6, all starting at column 20.
  for entry in "1:Enable Customize Firewall;" "2:Enable Publickey Authenticate;" \
    "3:Quit;"; do
    tput cup "$row" 20
    echo -e "$entry"
    row=$((row + 1))
  done
  tput cup 7
  echo "--------------------------------------------------------------------------"
  echo -n "You choice [1,2,3]:"
  read DD
  case $DD in
    1) CustomizeFirewall ;;
    2) PublickeyAuthenticate ;;
    *)
      echo "Quit"
      # Meant to end the caller's `while true` loop. bash 4.4 and later start
      # a function with a fresh loop state, so there this `break` no longer
      # reaches that loop.
      break
      ;;
  esac
}
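#######################################
# Show the user-management menu repeatedly until a non-action choice
# (anything other than 1-4) is entered.
# Globals:   BB (read) - choice stored by ManageUserMenu
#######################################
ManageUser() {
  while true; do
    ManageUserMenu
    # The menu's own `break` only ends this loop on bash older than 4.4;
    # newer bash resets loop state inside functions, which made the submenu
    # impossible to leave. Decide here from the choice the menu stored.
    case "$BB" in
      1 | 2 | 3 | 4) ;;
      *) break ;;
    esac
  done
}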
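#######################################
# Show the service-management menu repeatedly until a non-action choice
# (anything other than 1-3) is entered.
# Globals:   CC (read) - choice stored by ManageServicesMenu
#######################################
ManageServices() {
  while true; do
    ManageServicesMenu
    # The menu's own `break` only ends this loop on bash older than 4.4;
    # newer bash resets loop state inside functions, which made the submenu
    # impossible to leave. Decide here from the choice the menu stored.
    case "$CC" in
      1 | 2 | 3) ;;
      *) break ;;
    esac
  done
}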
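#######################################
# Show the firewall/SSH menu repeatedly until a non-action choice
# (anything other than 1 or 2) is entered.
# Globals:   DD (read) - choice stored by ManagerFirewallMenu
#######################################
ManageFirewall() {
  while true; do
    ManagerFirewallMenu
    # The menu's own `break` only ends this loop on bash older than 4.4;
    # newer bash resets loop state inside functions, which made the submenu
    # impossible to leave. Decide here from the choice the menu stored.
    case "$DD" in
      1 | 2) ;;
      *) break ;;
    esac
  done
}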
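#######################################
# Leave the tool from the top-level menu.
# Notes:     the original `break` was meant to end the main `while true` loop,
#            after which the script finishes. bash 4.4 and later do not let a
#            `break` inside a function reach the caller's loop, so the tool
#            could not be exited; ending the script directly has the same
#            result on every bash version.
#######################################
Quit() {
  echo "Quit"
  exit 0
}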
# Entry point: redraw the top-level menu after every completed action.
while :; do
  MainMenu
done